Today we had a thread reported "Tool: Generator Class & Shop Arma3 Altislfie" which contained a tool to generate Config_Vehicle classes for vehicles and stores based on text box inputs (see image below).
Upon investigation the application (although functional) included a RAT (remote access tool / backdoor) and a key logger. The tool included a dropper which installed the virus onto your machine and onto any connected storage devices such as USB sticks, if you have ran this application I would highly recommend formatting any external storage devices.
VirusTotal scan of the .rar file
VirusTotal scan of the executed virus
The user who created the post has since been banned and the post removed.
If you had downloaded this application (from either here or from the link in the video description from the post) then please check the following (only applicable for Windows):
remove SEE_MASK_NOZONECHECKS from your windows environment variables (how-to).
check for c91b31a7dd6aea056205bfae04cfff82 in your windows registry (use regedit, ctrl-f) if you find it remove the entry. (how-to)
If you are aware that your machine has been infected, I would recommend blocking traffic with the IP address it communicates with (18.104.22.168) (how-to).
We do not condone attacking that IP address or it's owner and do not know if the owner is aware of the virus acting from it, steps have been taken to contact them.
Going forward we will be taking steps to ensure this does not happen again, we have since made the tools sub-forum require all threads to be approved before being posted to the site where we will run VirusTotal scans of all content uploaded to the thread before allowing it. Any positives from the scans will be investigated as false positives can still occur.
We would like to thank you for your understanding and are sorry to those affected.